What is OHSAS

18001 and should i

care?

SAFER, SMARTER, GREENER

02 THE ROLE OF STANDARDS What is OHSAS 18001 and should I care?
The role of safety standards
When considering OHSAS 18001 or any similar
standard, an organization should be aware that
the standards do not replace or negate any
federal, state, or local regulations concerning
occupational safety and health issues. OHSAS
18001 was developed to provide organizations
with an internationally accepted system for
managing the organizations activities and
processes in order to reduce or eliminate OH&S
risks to employees. In general, the objective of
any type of standard, whether it relates to the
manufacture of cars, airplanes, and machinery, or
in the petrochemical process industry, or in the
delivery of a service - transportation, hospitals,
etc. - is the same. Standards are designed to
promote, facilitate and enable consistency in
activities and processes or to provide assurance
that the processes (for quality purposes, product
output) will meet requirements, to provide a
uniform and predictable outcome every time a
set of procedures are executed. It is important to
understand that standards, in and of themselves,
do not necessarily produce, in this case, safe
behavior or a safe workplace, or process.
The Occupational Health and Safety Assessment
Series (OHSAS 18001) standard was first
published in April 1999 and revised in July 2007
to improve alignment with ISO 14001:2004
throughout the standard. Compatibility with
ISO 9001:2000 was also improved in the
2007 revision. This was done to facilitate the
integration of quality, environmental and
occupational health and safety management
systems by organizations, should they wish
to do so. Today, OHSAS 18001 is not an
International Organization for Standardization
(ISO) standard or an ANSI standard but it is
internationally recognized. OHSAS 18001 was
specifically developed to enable organizations
to ystematically control OH&S risks and
improve performance. It does not state specific
performance criteria.
The OHSAS 18001 Standard may be applied
within any organization that wishes to:
1. Establish and implement an OH&S
management system in order to eliminate or
minimize hazards and risks to employees and
people working on its behalf.
2. Implement, maintain, and continually improve
its OH&S management system and specific
OH&S performance targets.
3. Provide a mechanism to facilitate
OSHA compliance.
4. Demonstrate to customers, employees, and
other stakeholders that the organization
conforms to an internationally recognized
standard.
OHSAS 18001 is compatible with the ISO
9001 and ISO 14001 series of standards and
their underlying principles and processes
such as the Plan-Do-Check-Act. While there
are some differences, OHSAS 18001 is also
very compatible with ANSI/AIHA Z10-2005,
American National Standard - Occupational
Health and Safety Management Systems which
was released on September 5, 2005 through the
American Industrial Hygiene Association (AIHA).
What is an Occupational Health and Safety
Management System?
An Occupational Health and Safety Management
System (OHSMS) provides a framework for
managing OH&S activities, procedures and
processes so they become more efficient and
a more integrated part of the overall business
operations. An OH&S management system also
provides a formal structure for identifying and
managing significant OH&S hazards and risks.
OH&S Management Systems are based on
standards which specify a process for achieving
improved OH&S performance and complying
with regulations.
DNV GL offers certification to the internationally
recognized assessment specification OHSAS
18001.
Registration can:
Reduce risk
Provide competitive advantages
Help companies maintain compliance with
legal requirements
Improve overall business and OH&S
performance

The standard
The OHSAS 18001 Standard
OHSAS 18001 is an international management
system standard developed with input from
international companies, cooperating National
Standards Bodies and registrars including DNV
GL . The standard consists of a Foreword
section that includes scope, definitions,
reference
publications and the auditable management
system requirements. It also includes an
informative Annex and Bibliography sections.
The structure of the OHSAS 18001 standard
The structure of OHSAS 18001 is complimentary
to the clause (element) structure of ISO 9001
and ISO 14001.
(Note: OHSAS 18001 has not been updated
to reflect the new clause numbering and
nomenclature of ISO 9001:2008 and ISO
14001: 2004.)
The Requirements of OHSAS 18001
4.1 General Requirements
4.2 OH&S Policy
4.3 Planning
4.3.1 Hazard identification, risk assessment
and determining controls
4.3.2 Legal and other requirements
4.3.3 Objectives and program(s)
4.4 Implementation and Operation
4.4.1 Resources, roles, responsibility,
accountability and authority
4.4.2 Competence, training and awareness
4.4.3 Communication, participation and
consultation
4.4.3.1 Communication
4.4.3.2 Participation and consultation
4.4.4 Documentation
4.4.5 Control of documents
4.4.6 Operational control
4.4.7 Emergency preparedness and
response
What is OHSAS 18001 and should I care? THE STANDARD 03
4.5 Checking
4.5.1 Performance measurement and
monitoring
4.5.2 Evaluation of compliance
4.5.3 Incident investigation, nonconformity,
corrective action and preventive action
4.5.3.1 Incident investigation
4.5.3.2 Nonconformity, corrective action and
preventive action
4.5.4 Control of records
4.5.5 Internal audit
4.6 Management Review
Basic Description of the OHSAS 18001 clauses
(elements)
4.1 General Requirements To establish and
maintain a management system that ensures
conformance to the standard. This should help
provide for regulatory compliance.
4.2 OH&S Policy In the terminology of OHSAS
18001, the policy is meant to establish an overall
sense of direction and define the principles of
action for an organization. This includes stating
overall health and safety objectives, and a
commitment to at least comply with applicable
legal requirements and other requirements to
which the organization subscribe that relate
to its OH&S hazards, prevention of injury and
ill health and continual improvement in OH&S
management and performance.
4.3 Planning
4.3.1 Hazard identification, risk assessment
and determining controls The
organization must identify and control
risks associated with routine and non-
routine activities of all persons having
access to the workplace (including
contractors and visitors).
4.3.2 Legal and Other RequirementsThe
organization must understand and be
aware of any regulations affecting
its operations and keep up to date.
Relevant personnel must be kept
informed.
04 THE STANDARD What is OHSAS 18001 and should I care?
4.3.3 Objectives and program(s)The
organization must set measurable
(quantifiable where practicable)
OH&S objectives and track results in
all relevant locations, levels and
functions. The organization shall
define programs for achieving its
objectives and define means to
monitor, review, update and record
as needed. Programs should include
designated responsibilities and
authorities and the means and
timeframe to achieve the objectives.
4.4 Implementation and Operation
4.4.1 Resources, roles, responsibility,
accountability and authority The
organization shall ensure the availability
of required resources and establish
roles, designated responsibilities
and authorities, ensure that these
are defined, documented and
communicated as appropriate.
4.4.2 Competence, training and awareness
The organization must have effective
procedures ensuring that personnel
assigned to tasks are competent.
4.4.3 Communication, participation and
consultation
4.4.3.1 Communication The
organization needs to determine
means to communicate internally,
with contractors and other visitors
and also define how to respond to
external interested parties
communications.
4.4.3.2 Participation and consultationThe
Organization needs to determine
how workers will participate in hazard
identification, risk assessments and
accident identification; consultation of
contractors where there are changes
that affect their OH&S.
4.4.4 Documentation -- The organization
must describe the elements of its OH&S
management systems in electronic or
paper form.
4.4.5 Control of documents -- The
organization must define control
mechanism for all internal and external
documents required by the OH&S
management system to ensure that they
are effectively managed and protected.
4.4.6 Operational controlThe
organization must establish, document
(as the standard requires), and
implement procedures to control
the identified hazards and risks of
its operations including stipulating
operating parameters and establishing
and maintaining procedures for the
design of the workplace.
4.4.7 Emergency preparedness and
responseThe organization must identify
the potential for accidents and incidents
and establish plans and procedures
to respond to them, including the
mitigation of any illness or injury.
4.5 Checking
4.5.1 Performance measurement and
monitoring The organization must
establish key performance parameters
to monitor the OH&S management
system and performance objectives,
considering the following: procedures,
qualitative and quantitative measures,
proactive and reactive performance
indicators, and recording of data.
4.5.2 Evaluation of complianceThe
organization must define means to
periodically evaluate compliance
with applicable legal requirements
and any other to which it subscribes.
4.5.3 Incident investigation,
nonconformity, corrective action
and preventive action
4.5.3.1 Incident investigation The
organization must establish and
maintain procedures that define how
the organization handles incidents (The
term accident is now included in the
term incident), identification of needed
actions to mitigate their consequences,
the initiation and close out of corrective
and preventive actions, and confirmation
of the effectiveness of the actions taken.
4.5.3.2 Nonconformity, corrective action
and preventive action The organization
must define means for dealing with
actual and potential nonconformity(ies)
and for taking corrective and preventive
actions and review their effectiveness.

Requirements
4.5.4 Control of records The organization
must maintain records and manage
them, as appropriate to the standard
and its own systems, to ensure that the
documentation is properly categorized,
traceable to the pertinent activities, is
legible and protected.
4.5.5 Internal audit -- The organization
should review and continually
monitor the effectiveness of its OH&S
management system through periodic
internal audits.
4.6 Management ReviewTop management
must conduct reviews of the OH&S
management system. This includes assessing
the system for continual improvement
opportunities, effectiveness, and suitability,
etc.
Should OHSAS 18001 certification be a part of
my companys business plans?
There are costs associated with implementing
an OH&S management system in conformance
to OHSAS 18001. If companies make this
investment, then it is extremely important that
they are able to derive positive benefits and a
financial return on that investment.
There are basically four reasons why any
organization would consider OHSAS 18001
certification:
1. Minimize health and safety risks to
employees and others
2. Improve business performance
3. Assist organizations in establishing
a responsible image within their
marketplace or industry sector
4. Ensure an impartial, credible assessment
of the OH&S management system
What is OHSAS 18001 and should I care? REQUIREMENTS 05
Some direct benefits to employees and to
the financial bottom line of the organization
which have been reported include:
Reductions in downtime and associated costs
Recognized demonstration of legal and
regulatory compliance
Increased access to new customers and
winning additional work (especially with
governmental agencies)
Reduction of public liability insurance costs
Reductions in the number of incident reports
(i.e., OSHA reportables) for several
consecutive periods
Due to the results achieved, certain organiza-
tions top management have justified direct re-
bates to employees for safety shoes andother
safety equipment, and existing PPE was often
enhanced.
Procedures were updated to reflect current
practices; Records were maintained and
standardized, which resulted in a more reliable
reporting system and more meaningful data.
All employees or those working on the or-
ganizations behalf have been trained and/
or refresher training has been provided, and
training has been extended into new em-
ployee orientation programs. Evacuation drills
were held as well as specialized training in
CPR, proper fireextinguisher use, spill cleanup,
pollution prevention, and conservation of en-
ergy and resources.
Turnover rate has decreased. Your answers or
responses to the benefits described above
should provide you with a strong basis to
make an informed decision as to whether OH-
SAS 18001 should be in your companys plans.
One thing is key, if based on the responses
to the above, you make a determination that
OHSAS 18001 should be in your companys
future, put plans in place to do it at your own
speed--- not someone elses. Do not wait until
your best customers, a governmental agency
or an industry association, give you an or else
ultimatum requiring you to be certified in six or
nine months in order to continue to do busi-
ness with them.
06 SELECTING A REGISTRAR What is OHSAS 18001 and should I care?

Selecting a Registrar
initial visit.) The size of the audit team and the
What does OHSAS 18001
duration of the on-site audit are a function of the
registration/certification require?
number of employees within the scope of the
Registration requires evidence of
audit, and the type and number of hazards and
implementation of OHSAS 18001 requirements,
the risks associated with the organizations
which includes: Procedures and records to
activities. Typically, two people would be
maintain compliance to applicable laws,
required to conduct the OHSAS 18001
commitment to continual Requirements
certification audit.
improvement (in a broad sense), and
commitment to prevention of accidents and
During the stage one audit (initial visit), the
incidents. The decision to actually certify an
audit team will check that the company has
organization to OHSAS 18001 will be dependent
identified all of the applicable federal, state
on the specific business goals that the company
and local OH&S requirements, statutes and any
has in conforming to the standard as well as
other requirements to which it subscribes. The
the market and public context in which the
effectiveness of the management review
company operates. For some companies,
process for identifying and defining hazards
independent, third-party certification may be the
and risks will also be evaluated. A review of
most beneficial option. For example, companies
how the significance of the identified hazards
selling products to markets in Europe or to
and risks is determined will also be conducted.
governmental agencies might face
Since OHSAS 18001 is based on a Plan-Do-
considerable pressure to obtain third-party
Check-Act model, the stage one audit of the
certification.
OH&S management system is focused on
ensuring that the plan aspect of the model has
However, even in Europe, companies should not
been effectively implemented. Areas of non-
presume certification will be necessary. It is very
conformity will be noted and corrective actions
important to understand that either third-party
may be required.
certification or self-declaration may be options.
Third-party certification may or may not be
The stage two audit (certification audit) is
mandated by the suppliers customers.
typically scheduled 4 to 6 weeks after the stage
one initial visit audit. The focus of stage two
Has there been acceptance of the OHSAS
audit is the do, check, act parts of the model.
18001 standard?
The auditors are seeking to objectively verify
While there is no accurate count of the
that the organization adheres to its OH&S policy,
number of certificates issued, the OHSAS
objectives, and procedures as they directly
18001 standard has been accepted and
relate to the requirements of OHSAS 18001.
adopted by businesses in many countries
The actual recommendation for certification to
throughout the world.
OHSAS 18001 is based on objective evidence
that the OH&S management system is in
What is the OHSAS 18001 certification process?
conformance with OHSAS 18001, and that
The basic steps to certification involve an
the organizations associated internal OH&S
independent evaluation (audit) by an external,
procedures are implemented and maintained.
unbiased company i.e., the OHSAS 18001
Ultimately, certification depends on whether or
certification body or registrar. Generally
not any major and/or minor non-conformances
speaking, a document review and a two stage
were issued by the auditor against the OH&S
on-site audit process are typical steps that
management system.
must be undertaken by an organization toward
achieving OHSAS 18001 certification. (An
optional pre-assessment may be selected in
addition to the two stage audit. This can be
conducted in conjunction with the stage one

How long does it take and how much will it cost?
The time required to implement an OHSAS 18001
compliant system is a function of the size of the
company, the number of people involved under
the scope of the certification, the complexity of
the processes, the sector in which the company
operates in, the number and significance of the
identified hazards and risks, and the degree to
which the existing OH&S management system
meets the requirements of the standard. A typical
time line for implementation is six to twelve months.
Certification costs, that is, those fees paid to the
registrar, are small compared to the overall internal
costs of the development and implementation
of the OH&S management system. The registrar
fees are a function of the audit days required to
verify conformance to the standard, which in turn
is a function of the hazards and risks associated
with the organizations activities and the number
of employees and sites, etc. Most registrars will
provide a no obligation costs quotation on request.
Selecting a Registrar
If you are planning on becoming certified to OHSAS
18001 or another accredited management system
standard, the selection of your certifying body is
an important decision. Everything being equal, this
is a relationship that will be in place for a very long
time. That is why it is so important that your choice
is one which will provide you with a partnership
approach to certification, provide you with value-
added services and result in a certification that is
recognized and accepted by your customers and
prospects. In the OHSAS 18001 marketplace there
are a large number of registrars offering certification
services. It is an unregulated market - that is,
anybody can set themselves up as an OHSAS 18001
registrar, perform audits and issue certificates. It is
very much a buyer beware market place. So how
do you go about making an informed decision
when selecting your registrar?
If you call several companies and ask a series of
challenging questions - What was your experience
with XYZ registrar? What impressed you most about
the registrar? What did you least like about your
dealings with them? Would you recommend them
to others? If you ask these questions of six or seven
companies, you will get a pretty good picture of the
overall character and the philosophy of the registrar.
Everything being equal, this is a relationship that
will be in place for a long time and it is therefore
imperative that you make a decision based on
sound information.
What is OHSAS 18001 and should I care? SELECTING A REGISTRAR 07
Areas to consider when evaluating registrars:
Technical competencies
Interpretation of the standard and overall
philosophy
Price
People factors
Technical competencies
Most registrars that are accredited have very similar
technical competencies. These competencies are
defined and are mandatory requirements of the
accreditation bodies or the professional standards
body. The rules that registrars operate under
are largely governed by what is known in the
certification industry as accreditation bodies. Most
of the countries that have adopted or accepted the
OHSAS 18001 standard have their own national
accreditation body. In the U.S. that body is
the American National Accreditation Board
(ANAB formerly the RAB). Having management
system accreditation by ANAB, RVA or another
accreditation body is an important attribute when
selecting a registrar and a key factor in making
your initial short list of candidates. In order to
become accredited a registrar must undergo
a rigorous audit and review process. However,
registrars accredited for OHSAS 18001 in order to
maintain their accreditation, are subject to ongoing
surveillance audits and other formal requirements
to ensure the quality of their services and for the
maintenance of technical competencies. Not all
accredited registrars are created equal. There are
considerable differences between them that should
be assessed before a selection is made.
Interpretation of the OHSAS 18001 standard and
the overall philosophy
There may be variances in how registrars interpret
the OHSAS 18001 standard and/ or their general
audit philosophy. As examples, are they auditing to
the letter of the standard or do they adopt a more
pragmatic approach of auditing to the intent of the
standard? What kind of customer service response
can you expect if you select a particular registrar?
What is their track record on customer satisfaction?
What experience does this particular registrar
have in your industry sector, how many certificates
have they issued to businesses like yours? These
questions are best answered by talking to clients
who have selected and become certified by the
registrar that you are considering.
08 SUMMARY What is OHSAS 18001 and should I care?
Summary
Reference accounts are fine but are generally
selected or pre-screened by the registrar.
A more effective and potentially unbiased
approach is for you to make the customer
selection yourself. If a registrar is accredited they
are obligated to produce and maintain a list of
all companies that they have certified. The list
may be in hard copy or part of their web page.
Obtain access to the list and then pick six or
seven certified companies. Select companies
which are either in similar businesses to yours
or which are geographically close to you or just
select companies whose judgment you trust.
Price is important
Money is obviously important to most of us as
individuals, as employees and as managers
and owners of businesses. Most of the major
registrars have an overall cost of certification
which is similar. Auditor day rate might appear
to be a convenient indicator to compare
registrar costs - but it will not give you the
basis for an apples-to apples comparison. An
important thing to keep in mind is that registrars
have many different ways of actually structuring
their quotations. There are some registrars that
have application, listing and administration fees,
additions to travel expenses, cancellation and
deferment fees.
There are almost as many pricing schemes
as there are registrars. How they price is not
nearly as important as the overall cost for
certification - having said that, keep a look out
for cancellation and deferment charges which
can be particularly unfriendly. Irrespective of
how a quotation is structured the important
thing is that you are able to determine the
exact cost-of-ownership. Most registrars will
have certificates which are valid for three years.
Irrespective of how the pricing is structured, ask
for quotations in a format that will allow you to
determine the full, accurate costs for a three year
period. This will enable you to make an apples-
to-apples comparison of registrar charges.So
all these things being equal - how do you make
an informed decision? When making a registrar
selection price is important but should not be
your primary selection criteria. If you make a
decision based solely on price you are probably
making a decision that you may regret later.
Certification is a free market service. This means
that there is no requirement for a registrar to be
accredited (some industry specific standards
may require accreditation.) If a registrar is
unaccredited, there are no rules or requirements
for auditor training and qualifications, industry
or work experience, the methodology for the
certification process and more.
Compliance with accreditation requirements
costs money - but has value to you as a
customer. Look for registrars that offer value
added services beyond the structured
certification process such as company listing
on their web site, electronic access to your
audit reports and audit schedule. The external
fees that you will pay to registrars for your
certification are small compared to money you
will have invested internally in putting your
system in place. Most estimates will show that
the internal costs are at least 10 times the costs
that you will pay the registrar. Having made
the commitment and investment to implement
a system in conformance to OHSAS 18001 -
keep cost in mind when making your registrar
selection but make sure that you take into
account the other important factors described
here.
People Factors
The registration/certification process is
very much an individual people business
- outside of the certificate itself, there is no
physical product. The product consists of
a series of interfaces from initial requests for
information, requests for quotations, answers
to questions, visits and presentations. Ask
yourself the following questions about your
initial experiences when dealing with a potential
registrar candidate.

They will give you a pretty good indication where
the registrar is on the
people factor scale:
What was and has been the response to your
requests?
Were the responses timely?
What was the general attitude of the people
you had to deal with?
Do they really act like they would want and
work to keep your business?
Are these the kind of people that you would
look forward to having a long term business
relationship with?
Summary
Selecting an OHSAS 18001 registrar is an
important decision, everything being equal, it is
a relationship which will, ideally, be in place for a
long time. Taking the time to evaluate registrars
based on the above criteria will be a good
investment of your time and money.
What is OHSAS 18001 and should I care? SUMMARY 09
Why partner with DNV GL?
Driven by our purpose of safeguarding life,
property and the environment, DNV GL
enables organizations to advance the safety
and sustainability of their business. DNV GL is a
leading provider of classification, certification,
verification and training services. With our origins
stretching back to 1864, our reach today is
global. Operating in more than 100 countries, our
16,000 professionals are dedicated to helping
our customers make the world safer, smarter and
greener.
As a world-leading certification body, DNV GL
helps businesses assure the performance of their
organizations, products, people, facilities and
supply chains through certification,
verification, assessment, and training services.
Partnering with our customers, we build
sustainable business performance and create
stakeholder trust.
*Risk Based Certification is a registered EU
trademark of DNV GL AS.
For more information contact us:
Contactus@dnvgl.com
www.dnvglcert.com
10 SECTION Brochure name

SAFER, SMARTER, GREENER

Why partner with DNV GL?

Driven by our purpose of safeguarding life, property and the environment, DNV GL enables organizations to advance the safety and
sustainability of their business. DNV GL is a leading provider of classification, certification, verification and training services. With
our origins stretching back to 1864, our reach today is global. Operating in more than 100 countries, our 16,000 professionals are
dedicated to helping our customers make the world safer, smarter and greener.

As a world-leading certification body, DNV GL helps businesses assure the performance of their organizations, products, people,
facilities and supply chains through certification, verification, assessment, and training services. Partnering with our customers, we build
sustainable business performance and create stakeholder trust.

DNV GL - Business Assurance 1400 Ravello Katy, TX Tel: 1-877-368-3530 Version 05.14